Security

How to write/create permission under /etc from python?

dominiquevocat
SplunkTrust
SplunkTrust

It seems to me that a python script (custom command and/or controller have no write permission under /etc)

Is this me making a mistake or is this a default setting and if so, can it be overcome? (maybe not due to security considerations)

I realize that for a search head cluster this could be non trivial .

0 Karma

micahkemp
Champion

Do you mean the system's /etc, or $SPLUNK_HOME/etc?

If the former, I'd expect that to be the case, unless you have splunk running as root (and I hope you don't). If the latter, I can't see why a custom search command wouldn't have the same permissions to anything under $SPLUNK_HOME, considering it should be running as the same user. I don't believe chroot or anything similar is used when Splunk calls external commands.

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Get Agentic with Splunk Lantern: Connect to Cisco Cloud Control, Transform ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

July Community Events: Master ITSI 5.0 & Automate Splunk

Struggling with alert fatigue or feeling like you're spending more time on infrastructure maintenance than ...

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...